Purpose:

Enroll PK only valid when Secure Boot set disabled and return to Setup Mode.

Target Audience:

To who has well understood PKI and Secure Boot.

Secure Boot:

Secure Boot is a security standard developed by members of the PC industry to help ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

Secure Boot is designed to protect the boot process from attacks that seek to compromise it, ensuring that only trusted software is allowed to run during boot. It's an important feature for maintaining the security of a system, especially in environments where integrity and reliability are critical.

Step:

1. Enter BIOS setup and disable Secure Boot.

How to enable and disable Secure Boot in BIOS?

2. Keep "Secure Boot Mode" in Custom.

3. Select "Reset To Setup Mode".

4. System Mode will be changed to "Setup" after Step #3.

5. Press [Esc] and "Save Changes and Reset".

6. Enter BIOS to check System Mode in Setup.

7. Enter Linux and leverage the command as another confirmation.

# sudo apt install efitools

# sudo mokutil --sb-state
SecureBoot disabled
Platform is in Setup Mode